Hello,
I need a custom Perl or Python script that will block brute force SSH login attempts on a CentOS VPS.
Requirements for the script:
1) The script should run continuously as a daemon and search the /var/log/secure log every 60 seconds.
2) It will look for the string "Failed password for root from" or "Failed password for invalid user from" and store the ip address as a temporary variable.
I've included some examples from my secure logs below as there seem to be 2 different types of log entries, one for root and one for invalid users:
Log sample for root:
Sep 10 23:44:14 vps7000 sshd[29727]: Failed password for root from 1.2.3.4 port 40619 ssh2
Sep 10 23:44:14 vps7000 sshd[29735]: Received disconnect from 1.2.3.4: 11: Bye Bye
Log sample for invalid user:
Sep  8 06:32:50 vps7000 sshd[5679]: Invalid user admin from 1.2.3.4
Sep  8 06:32:50 vps7000 sshd[5687]: input_userauth_request: invalid user admin
Sep  8 06:32:52 vps7000 sshd[5679]: Failed password for invalid user admin from 1.2.3.4 port 34956 ssh2
Sep  8 06:32:52 vps7000 sshd[5687]: Received disconnect from 1.2.3.4: 11: Bye Bye
3) The temporary variable should then be checked to see if the ip address has had 5 or more failed attempts.
4) If the ip address has 5 or more failed attempts, the ip address should be added to the /etc/[login to view URL] in the format:
ALL: 1.2.3.4
5) The script should be able to detect and prevent duplicate ip address entries in the [login to view URL] file.
6) There should be an option to exclude an ip range with the first 2 octets or the full ip address. For example, exclude the ip range 1.2 or 12.3.4
7)The script should be compatible with a CentOS 4 VPS.
8)It should be compatible with Python 2.3.4 or Perl 5.8.5.
9) The script must be original and cannot contain any open source code.
If everything works well, I will have additional security projects for the chosen coder.
Thanks for your interest
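
The parsing and decision steps of requirements 2 to 6, as an added example that is not part of the original posting: it counts failed logins per address, applies the exclusion list on octet boundaries, and returns only the `ALL:` lines not already present. Assumptions: it targets current Python 3 rather than the Python 2.3.4 named above, it covers one pass over the log rather than the 60-second daemon loop, and because the deny file's name is elided on the page the function takes that file's contents as text; all function and variable names are hypothetical.

```python
import re
from collections import Counter

# Anchored at the line end: the username is attacker-controlled text, so the
# address is taken only from the fixed "from <ip> port <n> ssh2" tail.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
DENY_ENTRY = re.compile(r"^ALL:\s*(\S+)\s*$")


def is_excluded(ip, exclusions):
    """True if ip equals an exclusion or starts with it on an octet boundary."""
    for ex in exclusions:
        if ip == ex or ip.startswith(ex.rstrip(".") + "."):
            return True
    return False


def new_deny_lines(log_lines, deny_text, exclusions=(), threshold=5):
    """Return the 'ALL: <ip>' lines that still need appending to the deny file."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line.rstrip("\n"))
        if m:
            counts[m.group(1)] += 1
    already = set()
    for line in deny_text.splitlines():
        m = DENY_ENTRY.match(line)
        if m:
            already.add(m.group(1))
    return [
        "ALL: %s" % ip
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in already and not is_excluded(ip, exclusions)
    ]


# Constructed sample input in the format of the log excerpts above.
SAMPLE_LOG = (
    ["Sep 10 23:44:14 vps7000 sshd[29727]: Failed password for root from 1.2.3.4 port 40619 ssh2"] * 5
    + ["Sep  8 06:32:52 vps7000 sshd[5679]: Failed password for invalid user admin from 1.20.3.4 port 34956 ssh2"] * 5
    + ["Sep  8 06:32:50 vps7000 sshd[5679]: Invalid user admin from 5.6.7.8"] * 9
    + ["Sep  8 06:33:01 vps7000 sshd[5701]: Failed password for root from 9.9.9.9 port 2200 ssh2"] * 4
)

if __name__ == "__main__":
    print(new_deny_lines(SAMPLE_LOG, "ALL: 8.8.8.8\n", exclusions=["1.2"]))
```

With the exclusion `1.2`, the address 1.2.3.4 is skipped while 1.20.3.4 is still blocked, which is the case a plain string-prefix comparison gets wrong.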